Exploit for Missing Authentication for Critical Function in Flowiseai Flowise

Silentium — HackTheBox Writeup Platform: HackTheBox...

📄 Flowise Missing Authentication

Proof of concept for Flowise versions prior to 3.0.5 that suffer from a missing authentication vulnerability. Exploit Title: Flowise 3.0.5 - Missing Authentication for Critical Function Date: 10/11/2025 Exploit Author: nltt0 https://github.com/nltt-br Vendor Homepage: https://flowiseai.com/...

Flowise < 3.0.5 - Missing Authentication for Critical Function

Exploit Title: Flowise 3.0.5 - Missing Authentication for Critical Function Date: 10/11/2025 Exploit Author: nltt0 https://github.com/nltt-br Vendor Homepage: https://flowiseai.com/ Software Link: https://github.com/FlowiseAI/Flowise Version: 3.0.5 CVE: CVE-2025-58434 from requests import post fr...

CVE-2025-58434

Flowise is a drag & drop user interface to build a customized large language model flow. In version 3.0.5 and earlier, the forgot-password endpoint in Flowise returns sensitive information including a valid password reset tempToken without authentication or verification. This enables any attacker...

CVE-2025-58434

creationtimestamp| type| source ---|---|--- 2025-09-12 17:22:29+00:00| published-proof-of-concept| https://github.com/FlowiseAI/Flowise/security/advisories/GHSA-wgpv-6j63-x5ph 2025-09-13 00:01:35+00:00| seen| https://bsky.app/profile/offseq.bsky.social/post/3lyohwndubm2t 2025-09-15 02:29:07+00:00...